New malware steals credit card data from point-of-sale terminals

A security researcher has uncovered a type of malware being used to directly steal credit card payment information straight from point-of-sale terminals at retailers, hotels and other places of business.

Attacks on retailers is increasing, and it's not just online purchases consumers have to worry about. A new attack has reportedly infected the point-of-sale (PoS) systems at many large retailers, hotels, restaurants and others, reported Ars Technica.

According to the researchers at Seculert, reportedly hundreds of businesses have been infected over the past two to three months by malware that was installed remotely. What the cybercriminals are said to be doing is targeting larger systems that can capture a substantial amount of data rather than aim for stealing data with individual transactions.

"Dexter", the name of the malware driving the exploit was taken from a string of code found in one of the malware's files.

"Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few PoS systems with specially crafted malware. Dexter is one example of such malware," Seculert wrote in a blog post posted on Dec. 12.

While security experts are not clear on how the exploiters are targeting PoS systems, they did notice a trend of almost a third of targets were using Windows servers and the stolen information was uploaded to a server hosted in the Republic of Seychelles.

Additionally, the exploit is not limited to any particular geographical region as Seculert researchers say PoS systems have been identified to date as having targeted in 40 different countries across the globe, however, it is not sure how many unknowns are out there. They did say that 42 percent of known infections occurred in North America (30 percent of this is in the U.S.), 19 percent in the U.K. and 9 percent in Canada.

To date, tens of thousands of payment card information has been stolen in the past few weeks, reported IDG News Service (via Computerworld).

Seculert is not naming the businesses that fell victim to the hackers.

"We cannot comment on specific victims of the attack," said Aviv Raff, CTO at Seculert, reported Dark Reading. "I can say that there are different retailers that were part of the victim list."

It is believed the intention of stealing massive amounts of credit card information is to clone credit cards.

Throughout 2012 retailers are increasingly being targeted right inside the brick and mortar stores. In October, it was reported PIN pad tampering affected 63 Barnes and Noble stores. Dark Reading reported it is unclear at this time if this attack is related to Dexter.